fix: restore local-session HM routing and update shared sops key path

2026-04-17 01:26:38 +02:00
parent 9af07bedff
commit b04bd5e61e
7 changed files with 25 additions and 3 deletions


@@ -8,6 +8,7 @@ in
{ host, ... }:
let
missingAdminUsers = lib.filter (userName: !(builtins.hasAttr userName host.users)) host.sopsAdminKeyUsers;
hasSharedAdminKey = host.sopsAdminKeyPath != null && host.sopsAdminKeyUsers != [ ];
adminKeyDir = if host.sopsAdminKeyPath == null then null else builtins.dirOf host.sopsAdminKeyPath;
in
{
@@ -27,7 +28,7 @@ in
};
};
users.groups = lib.optionalAttrs (host.sopsAdminKeyUsers != [ ]) {
users.groups = lib.optionalAttrs hasSharedAdminKey {
${sopsReadersGroup} = { };
};
@@ -35,8 +36,9 @@ in
extraGroups = [ sopsReadersGroup ];
});
systemd.tmpfiles.rules = lib.optionals (adminKeyDir != null) [
systemd.tmpfiles.rules = lib.optionals hasSharedAdminKey [
"d ${adminKeyDir} 0750 root ${sopsReadersGroup} -"
"z ${host.sopsAdminKeyPath} 0640 root ${sopsReadersGroup} -"
];
assertions = [
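Review bot: The `extraGroups = [ sopsReadersGroup ];` mapping above the tmpfiles rules has its condition outside this hunk, so it is not visible whether it was switched to `hasSharedAdminKey` along with `users.groups` and `systemd.tmpfiles.rules`. If it still depends on `host.sopsAdminKeyUsers` alone, a host with admin users but `sopsAdminKeyPath = null` would assign users to a group that is no longer declared. Separately, the added `z` line only adjusts mode and ownership of a key file that already exists, so the file keeps whatever permissions it was created with until tmpfiles runs. A comment above the rules such as `# z only re-owns an existing key; provision it 0640 or tighter, never world-readable` would record that expectation. The `d` rule also applies `0750 root:${sopsReadersGroup}` to `builtins.dirOf` of the path, so the assertions that start on the last line could check that the key sits in a dedicated directory rather than a shared one.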